Amendments to the Claims: 

Please amend claim 1, 29, 57, 63, 68 and 73 as follows: 

1 . (Currently Amended) A method comprising: 

receiving into an execution environment input component code and a runtime 
security polic y, wherein the runtime security policy comprises an assignment of rights to 
the input component code and security checks performed as the input component code is 
loaded : and 

generating a call graph of call paths through the input component code simulated 
in combination with at least one symbolic component representing additional arbitrary 
code that complies with the runtime security policy. 

2. (Original) The method of claim 1 wherein a possible execution path through the input 
component code that is compliant with the runtime security policy is represented by an 
individual call path. 

3. (Original) The method of claim 1 wherein at least one node in the call graph includes 
a symbolic permission set and a known method implementation. 

4. (Original) The method of claim 1 wherein at least one node in the call graph includes 
a symbolic permission set and a token representing an unknown method implementation. 

5. (Original) The method of claim 1 wherein the generating operation comprises: 

initializing a symbolic value that represents data values that may be obtained by 
the arbitrary code at runtime. 

6. (Original) The method of claim 1 wherein the generating operation comprises: 
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updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of an additional data value that may be 
passed as a parameter to the arbitrary code at runtime. 

7. (Original) The method of claim 1 wherein the generating operation comprises: 

updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of a new dataflow to the arbitrary code. 

8. (Original) The method of claim 1 wherein the generating operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of arbitrary code. 

9. (Original) The method of claim 1 wherein the generating operation comprises: 

identifying one or more methods of the input code component that can be called 
by the arbitrary code. 

10. (Original) The method of claim 1 wherein the generating operation comprises: 

identifying one or more methods of the input component code that can be called 
by the arbitrary code; and 

identifying one or more other methods of the input component code that can be 
called by the identified one or more methods of the input component code. 

11. (Original) The method of claim 1 wherein the generating operation comprises: 

identifying one or more methods of the input component code that can be called 
by the arbitrary code; and 

identifying at least one method of the arbitrary code that can be called by a virtual 
call of the identified one or more methods of the input component code. 
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12. (Original) The method of claim 1 wherein any method reachable by execution in 
accordance with the runtime security policy is represented by one of more nodes in the 
call graph. 

13. (Original) The method of claim 1 wherein the generating operation comprises: 

generating at least one constraint associated with one or more instructions in the 
input component code. 

14. (Original) The method of claim 1 wherein the generating operation comprises: 

generating at least one constraint associated with a parameter of a method call in 
the input component code. 

15. (Original) The method of claim 1 wherein the generating operation comprises: 

generating at least one constraint associated with a returned result of a method 
call in the input component code. 

16. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a call path that presents a security 
vulnerability in the input component code. 

17. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a call path that presents a security 
vulnerability in the input component code and a call path that presents no security 
vulnerability in the input component code. 

18. (Original) The method of claim 1 further comprising: 

analyzing the call graph to generate a security report that identifies a security 
vulnerability in the input component code. 
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19. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a call path that satisfies a query. 

20. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a security-vulnerable usage of a permission 
demand. 

21. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a security-vulnerable usage of a permission 
assertion. 

22. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a lack of uniform usage of security checks. 

23. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify an equivalence between use of a permission 
link-demand and a permission demand. 

24. (Original) The method of claim 1 wherein the generating operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input 
component code; and 

evaluating the at least one constraint by a symbolic computation on potential 
target classes for the virtual call in the generated class hierarchy. 

25. (Original) The method of claim 1 wherein the generating operation comprises: 
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generating at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert; and 

conditionally generating at least one additional constraint associated with one or 
more instructions located in the input component code after the security demand or assert, 
responsive to the evaluating operation. 

26. (Original) The method of claim 1, further comprising 

analyzing the call graph to classify, based on permissions, pieces of code 
performing sensitive actions in the input component code. 

27. (Original) The method of claim 1, further comprising 

analyzing the call graph and another call graph obtained for a different version of 
input component code to generate a security report that identifies a security vulnerability 
in the different version of the input component code. 

28. (Original) The method of claim 1, further comprising 

analyzing the call graph and another call graph obtained for a different version of 
input component code to identify a call path that presents a security vulnerability in the 
different version of the input component code. 

29. (Currently Amended) A computer program storage medium encoding a computer 
program for executing on a computer system a computer process, the computer process 
comprising: 

receiving into an execution environment input component code and a runtime 
security polic y, wherein the runtime security policy comprises an assignment of rights to 
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the input component code and security checks performed as the input component code is 
loaded ; and 

generating a call graph of call paths through the input component code simulated 
in combination with at least one symbolic component representing additional arbitrary 
code that complies with the runtime security policy. 

30. (Previously Presented) The computer program storage medium of claim 29 wherein a 
possible execution path through the input component code that is compliant with the 
runtime security policy is represented by an individual call path. 

3 1 . (Previously Presented) The computer program storage medium of claim 29 wherein 
at least one node in the call graph includes a symbolic permission set and a known 
method implementation. 

32. (Previously Presented) The computer program storage medium of claim 29 wherein 
at least one node in the call graph includes a symbolic permission set and a token 
representing an unknown method implementation. 

33. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

initializing a symbolic value that represents data values that may be obtained by 
the arbitrary code at runtime. 

34. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of an additional data value that may be 
passed as a parameter to the arbitrary code at runtime. 
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35. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of a new dataflow to the arbitrary code. 

36. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of arbitrary code. 

37. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

identifying one or more methods of the input component code that can be called 
by the arbitrary code. 

38. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

identifying one or more methods of the input component code that can be called 
by the arbitrary code; and 

identifying one or more other methods of the input component code that can be 
called by the identified one or more methods of the input component code. 

39. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

identifying one or more methods of the input component code that can be called 
by the arbitrary code; and 
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identifying at least one method of the arbitrary code that can be called by a virtual 
call of the identified one or more methods of the input component code. 

40. (Previously Presented) The computer program storage medium of claim 29 wherein 
any method reachable by execution in accordance with the runtime security policy is 
represented by one of more nodes in the call graph. 

41. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

generating at least one constraint associated with one or more instructions in the 
input component code. 

42. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

generating at least one constraint associated with a parameter of a method call in 
the input component code. 

43. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

generating at least one constraint associated with a returned result of a method 
call in the input component code. 

44. (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to identify a call path that presents a security 
vulnerability in the input component code. 
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45. (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to identify a call path that presents a security 
vulnerability in the input component code and a call path that presents no security 
vulnerability in the input component code. 

46. (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to generate a security report that identifies a security 
vulnerability in the input component code. 

47. (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to identify a call path that satisfies a query. 

48. (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to identify a security-vulnerable usage of a permission 
demand. 

49. (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to identify a security-vulnerable usage of a permission 
assertion. 

50. (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to identify a lack of uniform usage of security checks. 
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5 1 . (Previously Presented) The computer program storage medium of claim 29 wherein 
the computer process further comprises: 

analyzing the call graph to identify an equivalence between use of a permission 
link-demand and a permission demand. 

52. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input 
component code; and 

evaluating the at least one constraint by a symbolic computation on potential 
target classes for the virtual call in the generated class hierarchy. 

53. (Previously Presented) The computer program storage medium of claim 29 wherein 
the generating operation comprises: 

generating at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert; and 

conditionally generating at least one additional constraint associated with one or 
more instructions located in the input component code after the security demand or assert, 
responsive to the evaluating operation. 

54. (Previously Presented) The computer program storage medium of claim 29 further 
comprising 
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analyzing the call graph to classify, based on permissions, pieces of code 
performing sensitive actions in the input component code. 

55. (Previously Presented) The computer program storage medium of claim 29 further 
comprising 

analyzing the call graph and another call graph obtained for a different version of 
input component code to generate a security report that identifies a security vulnerability 
in the different version of the input component code. 

56. (Previously Presented) The computer program storage medium of claim 29 further 
comprising 

analyzing the call graph and another call graph obtained for a different version of 
input component code to identify a call path that presents a security vulnerability in the 
different version of the input component code. 

57. (Currently Amended) A system comprising: 

a processing unit; 

a call graph generator executing on the processing unit that receives into an 
execution environment input component code and a runtime security policy and generates 
a call graph of call paths through the input component code simulated in combination 
with at least one symbolic component that represents additional arbitrary code that 
complies with the runtime security policy , wherein the runtime security policy comprises 
an assignment of rights to the input component code and security checks performed as the 
input component code is loaded . 

58. (Original) The system of claim 57 wherein a possible execution path through the 
input component code that is compliant with the runtime security policy is represented by 
an individual call path. 
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59. (Previously Presented) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph 
to identify a security-vulnerable usage of a permission demand. 

60. (Previously Presented) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph 
to identify a security-vulnerable usage of a permission assertion. 

61. (Previously Presented) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph 
to identify a lack of uniform usage of security checks. 

62. (Previously Presented) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph 
to identify an equivalence between use of a permission link-demand and a permission 
demand. 

63. (Currently Amended) A method comprising: 

analyzing relative to at least one query a call graph of call paths through input 
component code simulated in combination with at least one symbolic component 
representing additional arbitrary code that complies with a runtime security policy^ 
wherein the runtime security policy comprises an assignment of rights to the input 
component code and security checks performed as the input component code is loaded ; 
and 

identifying a subset of the call paths in the call graph that satisfy the query. 

64. (Original) The method of claim 63 wherein the analyzing operation comprises: 
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analyzing the call graph to identify a security-vulnerable usage of a permission 
demand. 

65. (Original) The method of claim 63 wherein the analyzing operation comprises: 

analyzing the call graph to identify a security-vulnerable usage of a permission 
assertion. 

66. (Original) The method of claim 63 wherein the analyzing operation comprises: 

analyzing the call graph to identify a lack of uniform usage of security checks. 

67. (Original) The method of claim 63 wherein the analyzing operation comprises: 

analyzing the call graph to identify an equivalence between use of a permission 
link-demand and a permission demand. 

68. (Currently Amended) A computer program storage medium encoding a computer 
program for executing on a computer system a computer process, the computer process 
comprising: 

analyzing relative to at least one query a call graph of call paths through input 
component code simulated in combination with at least one symbolic component 
representing additional arbitrary code that complies with a runtime security policy^ 
wherein the runtime security policy comprises an assignment of rights to the input 
component code and security checks performed as the input component code is loaded ; 
and 

identifying a subset of the call paths in the call graph that satisfy the query. 

69. (Previously Presented) The computer program storage medium of claim 68 wherein 
the computer process further comprises: 
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analyzing the call graph to identify a security-vulnerable usage of a permission 
demand. 

70. (Previously Presented) The computer program storage medium of claim 68 wherein 
the computer process further comprises: 

analyzing the call graph to identify a security-vulnerable usage of a permission 
assertion. 

71. (Previously Presented) The computer program storage medium of claim 68 wherein 
the computer process further comprises: 

analyzing the call graph to identify a lack of uniform usage of security checks. 

72. (Previously Presented) The computer program storage medium of claim 68 wherein 
the computer process further comprises: 

analyzing the call graph to identify an equivalence between use of a permission 
link-demand and a permission demand. 

73. (Currently Amended) A system comprising: 

a processing unit and a memory; 

a call graph analyzer executing on the processing unit, the call graph analyzer 
analyzing relative to at least one query a call graph of call paths through input component 
code simulated in combination with at least one symbolic component representing 
additional arbitrary code that complies with a runtime security polic y, wherein the 
runtime security policy comprises an assignment of rights to the input component code 
and security checks performed as the input component code is loaded , and 

identifying a subset of the call paths in the call graph that satisfy the query. 
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74. (Original) The system of claim 73 wherein the call graph analyzer analyzes the call 
graph to identify a security- vulnerable usage of a permission demand. 

75. (Original) The system of claim 73 wherein the call graph analyzer analyzes the call 
graph to identify a security-vulnerable usage of a permission assertion. 

76. (Original) The system of claim 73 wherein the call graph analyzer analyzes the call 
graph to identify a lack of uniform usage of security checks. 

77. (Original) The system of claim 73 wherein the call graph analyzer analyzes the call 
graph to identify an equivalence between use of a permission link-demand and a 
permission demand. 
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